running single script for multiple domains

  • Question

  • Hi There,

    The script below is only able to change account expiration on the specific domain which I'm running it in. I have multiple domains and I don't want to run them separately. How can I include multiple domains in one single script? Please help me.

    Import-Module ActiveDirectory

    Import-Csv 'expire.csv' | ForEach-Object { Set-ADUser -Identity $_.User -AccountExpirationDate $([datetime]$_.Expiration_date) }


    • Edited by Pingu88 Thursday, August 23, 2018 7:12 AM
    Thursday, August 23, 2018 7:11 AM

Answers

  • I wonder if we have same set of samids across domains in the same forest.

    Seeing the above example, technically, the mentioned values for Servers belong to different forests. If you are trying to update expired accounts in multiple forests, you need to run the commands with the -Credential parameter included, specifying credentials for the respective servers based on the Get-Credential prompt.

    Modifying Jebisata's code a bit to the below,

    Import-Module ActiveDirectory

    $expirecsv = Import-Csv "expire.csv"
    $Servers = "domain1.forest1.com","domain1.forest2.com","domain1.forest3.com"

    # Prompt once per server; the credentials come back in the same order as $Servers
    $Credentials = $Servers | ForEach-Object {
        Write-Host "Enter credentials for server: $_" -ForegroundColor Magenta
        Get-Credential
    }

    # Walk both lists in step so each server is paired with its own credential
    $ServersEnum = $Servers.GetEnumerator()
    $CredsEnum = $Credentials.GetEnumerator()

    while ($ServersEnum.MoveNext() -and $CredsEnum.MoveNext()) {
        $expirecsv | ForEach-Object {
            Set-ADUser -Identity $_.User -AccountExpirationDate $([datetime]$_.Expiration_date) -Server $ServersEnum.Current -Credential $CredsEnum.Current
        }
    }

    # Drop the credential objects from the session when done
    Remove-Variable CredsEnum, Credentials

    Let me know if this works.


    • Marked as answer by Pingu88 Friday, August 24, 2018 3:12 AM
    Thursday, August 23, 2018 10:14 AM

All replies

  • You have to access each domain separately.  Use the "Server" parameter of the Set-AdUser command to select a DC in the domain.


    \_(ツ)_/

    Thursday, August 23, 2018 7:22 AM
  • Can you show me an example? Sorry, I'm a newbie in PowerShell.
    Thursday, August 23, 2018 7:30 AM
  • help set-aduser -online

    \_(ツ)_/

    Thursday, August 23, 2018 7:32 AM
  • You can include multiple DCs just creating a variable for them...

    $csv = Import-csv "expire.csv"
    $Servers = "DCDomain1","DCDomain2","DCDomain3"
    
    foreach ($server in $servers) {
        $csv | foreach-object {
            set-aduser -server $server -Identity #some code...
        }
    }


    • Edited by Jebisata Thursday, August 23, 2018 7:35 AM
    Thursday, August 23, 2018 7:34 AM
  • Getting error

    Import-Module ActiveDirectory

    $csv = Import-csv "expire.csv"
    $Servers = "1.ab-test.com","1.cd-test.com"

    foreach ($server in $servers) {
        $csv | foreach-object {
            set-aduser -server $Server -Identity $_.User -AccountExpirationDate $([datetime]$_.Expiration_date) }
         
    }

    It should be adding multiple DCs from different domains.

    Thursday, August 23, 2018 7:48 AM
  • Please tell me what your error report is.


    Just do it.

    Thursday, August 23, 2018 8:58 AM
  • Import-Module ActiveDirectory

    $csv = Import-csv "expire.csv"
    $Servers = "1.ab-test.com","1.cd-test.com"

    foreach ($server in $servers) {
        $csv | foreach-object {
            set-aduser -server $Server -Identity $_.User -AccountExpirationDate $([datetime]$_.Expiration_date) }
         
    }


    set-aduser : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have 
    the Active Directory Web Services running.

    +         set-aduser -server $server -Identity $_.User -AccountExpirati ...
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (winter12:ADUser) [Set-ADUser], ADServerDownException
        + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADUser

    Checked AD WS running and the said server is healthy and operational.


    • Edited by Pingu88 Thursday, August 23, 2018 9:04 AM
    Thursday, August 23, 2018 9:03 AM
  • Every domain must have ADWS installed on at least one DC.

    To test just query the domain.

    Get-AdUser -Filter * -Server domain1.mycompany.com

    If things are installed correctly the domain and the AD CmdLet should find the ADWS and return a list of users. 

    There must be a usable trust in place between the domains involved.


    \_(ツ)_/

    Thursday, August 23, 2018 9:08 AM
  • Able to query. I don't find any issue with it.

    Servers = "1.ab-test.com" -> works

    Servers = "1.ab-test.com","1.cd-test.com" -> not working.

    Thursday, August 23, 2018 9:15 AM
  • You cannot query multiple servers.  You can only specify one server at a time.


    \_(ツ)_/

    Thursday, August 23, 2018 9:20 AM
  • Able to query. I don't find any issue with it.

    Servers = "1.ab-test.com" -> works

    Servers = "1.ab-test.com","1.cd-test.com" -> not working.

    Is this working too?

    Servers = "1.cd-test.com" 

    Thursday, August 23, 2018 9:22 AM
  • Hi,

    Your .csv file has some users in different domains. When you run the script, some users can't be queried in one specific domain. I suggest you distinguish these users by their domain name, and add an if statement to judge them in different domains.

    Best Regards,

    Lee


    Just do it.

    Thursday, August 23, 2018 9:34 AM
  • Able to query. I don't find any issue with it.

    Servers = "1.ab-test.com" -> works

    Servers = "1.ab-test.com","1.cd-test.com" -> not working.

    To test domain readiness the "servers" must be domain names and not DCs.

    What are the domain FQDNs? The names you posted cannot be domains. They appear to be servers in a domain.

    Domains also must all be in the same "Forest". What is the forest name?


    \_(ツ)_/

    Thursday, August 23, 2018 9:34 AM
  • Hi,

    Your .csv file has some users in different domains. When you run the script, some users can't be queried in one specific domain. I suggest you distinguish these users by their domain name, and add an if statement to judge them in different domains.

    Best Regards,

    Lee


    Just do it.

    Which is why the first thing to do is to find a GC and get the users from the GC. The user objects will be able to "find" their own domains. Just looping through a bunch of servers will accomplish nothing.


    \_(ツ)_/

    Thursday, August 23, 2018 9:38 AM
  • Hi jrv,

    Thanks for your reply.

    I agree with you. This is the key to resolve this problem. 

    Best Regards,

    Lee


    Just do it.

    Thursday, August 23, 2018 9:45 AM
  • The more I look at this the more it looks like someone's homework question. I suspect the so-called servers are just made-up names with no sense of what domain names look like or what a forest is.

    FOREST: myforest.com
    Domain in forest: domain1.myforest.com
    Server in domain: server1.domain1.myforest.com

    Any server chosen must be a DC and not just any server.

    All domains must have at least one DC running ADWS.

    And many other requirements.


    \_(ツ)_/




    • Edited by jrv Thursday, August 23, 2018 10:22 AM
    Thursday, August 23, 2018 10:19 AM
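
Added example (not written by any poster in this thread): one way to act on the suggestion above to distinguish users by domain, so each account is changed only in its own domain instead of being attempted against every server. It assumes the CSV gains a Domain column holding the domain FQDN and that dates are written as yyyy-MM-dd; the `$dryRun` switch and the `expire-results.csv` output file are also assumptions of this example.

```powershell
Import-Module ActiveDirectory

$dryRun = $true   # assumption: rehearse with -WhatIf first, then set to $false

# Assumed CSV header: User,Domain,Expiration_date (Domain is not in the thread's file)
$rows = Import-Csv 'expire.csv'

# Validate every row before any change is made; a bad date must not abort the run midway
$work = foreach ($row in $rows) {
    $date = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($row.Expiration_date, 'yyyy-MM-dd',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$date)
    if (-not $ok -or [string]::IsNullOrWhiteSpace($row.Domain)) {
        Write-Warning "Skipping row for '$($row.User)': missing domain or bad date"
        continue
    }
    [pscustomobject]@{ User = $row.User; Domain = $row.Domain; Expires = $date }
}

# One credential prompt per domain, used only for that domain's rows
$results = foreach ($group in ($work | Group-Object Domain)) {
    $domain = $group.Name
    $cred = Get-Credential -Message "Account allowed to modify users in $domain"
    foreach ($item in $group.Group) {
        $status = if ($dryRun) { 'DryRun' } else { 'Updated' }
        try {
            Set-ADUser -Identity $item.User -AccountExpirationDate $item.Expires `
                -Server $domain -Credential $cred -WhatIf:$dryRun -ErrorAction Stop
        } catch {
            # Record the failure and carry on with the remaining accounts
            $status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Domain = $domain; User = $item.User
            Expires = $item.Expires; Status = $status
        }
    }
}

# Keep a record of what was changed and what failed
$results | Export-Csv 'expire-results.csv' -NoTypeInformation
$results | Format-Table -AutoSize
```

Using a delegated account per domain that can only modify user objects keeps a bulk change like this from depending on a forest-wide administrator credential.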